Error while revoking the certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: soxgp.popi.io

I ran this command: sudo /opt/bitnami/bncert-tool

It produced this output:

An error occurred revoking certificates with Let's Encrypt:

2022/05/03 11:26:54 Trying to revoke certificate for domain soxgp.popi.io
2022/05/03 11:26:55 Error while revoking the certificate for domain
soxgp.popi.io
acme: error: 403 :: POST ::
https://acme-v02.api.letsencrypt.org/acme/revoke-cert ::
urn:ietf:params:acme:error:unauthorized :: Certificate is expired

The problem is caused by my inclusion of the domain "soxgp.bitnamiapp.com" together with "soxgp.popi.io". The domain bitnamiapp.com no longer exists.

My web server is (include version): Apache 2.4.46

The operating system my web server runs on is (include version): Debian

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

No. The problem is this:

And the (last) certificate indeed expired on April 6th. Today is May 3rd. crt.sh | soxgp.popi.io

I don't know why you would want to revoke an expired certificate. If you need a new certificate, get a new certificate and don't mess with old ones.

4 Likes

To add to @9peppe's excellent response, revoking a cert should be an extremely rare thing. If you don't want to use a cert, just delete it, but the only reason you should revoke it is if you believe its corresponding private key has been compromised.

4 Likes
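Added example, not part of the thread and not bncert's own code: a pre-flight check in the spirit of the two replies above. It reads an existing certificate's expiry and SAN list with openssl and reports whether the certificate is expired (the CA refuses revocation, as in the 403 above), covers a different set of names, or is fine. The function names and the CHECKEND variable are hypothetical, and the sample certificate is constructed.

```shell
#!/bin/sh
# Added example: classify an existing certificate before re-running an ACME client.
# Usage: cert_state CERT_PEM WANTED_DOMAIN...

# Print the DNS names in the certificate's subjectAltName, one per line, sorted.
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^ *DNS://p' | sort
}

# Print one of:
#   expired      - revocation will be rejected; set the old files aside and issue a new cert
#   san-mismatch - still valid but for other names; issue a new cert
#                  (revoke only if the private key may be compromised)
#   ok           - valid and covers exactly the wanted names
# CHECKEND (hypothetical knob, default 0) treats a cert that expires within
# that many seconds as already expired.
cert_state() {
    cert=$1; shift
    # -checkend N exits non-zero when notAfter falls within the next N seconds
    if ! openssl x509 -in "$cert" -noout -checkend "${CHECKEND:-0}" >/dev/null; then
        echo expired; return
    fi
    wanted=$(printf '%s\n' "$@" | sort)
    if [ "$(cert_sans "$cert")" != "$wanted" ]; then
        echo san-mismatch; return
    fi
    echo ok
}

# Constructed sample: self-signed, valid for 1 day, with the two names from the thread.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1" -subj "/CN=soxgp.popi.io" \
        -addext "subjectAltName=DNS:soxgp.bitnamiapp.com,DNS:soxgp.popi.io" 2>/dev/null
}

# Run directly: sh cert_state.sh CERT_PEM WANTED_DOMAIN...
if [ "$#" -gt 0 ]; then
    cert_state "$@"
fi
```

On the machine in this thread it would be called as `cert_state /opt/bitnami/letsencrypt/certificates/soxgp.popi.io.crt soxgp.popi.io`.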

It’s the automated process being executed that offers the option to use the existing certificate or revoke it (Y or N). So there is a certificate.

But, it reports an error if you select “Y” (to use the existing certificate) as the existing certificate includes a domain that no longer exists.

The only other option offered is “N”. The response is also an error - the certificate has expired.

Since both choices result in an error, is there a solution?


Yes, read this page. Towards the end there should be the solution you're looking for:

https://docs.bitnami.com/aws/how-to/understand-bncert/

3 Likes

I followed Approach B and have the same result.

A certificate was found at /opt/bitnami/letsencrypt/certificates/soxgp.popi.io.crt

It is registered for a different set of domains: soxgp.bitnamiapp.com soxgp.popi.io.

Do you want to disable/revoke the existing certificate and create a new one? [y/N]:

N gives an error

Y gives the following:

2022/05/03 14:12:14 Error while revoking the certificate for domain
soxgp.popi.io
acme: error: 403 :: POST ::
https://acme-v02.api.letsencrypt.org/acme/revoke-cert ::
urn:ietf:params:acme:error:unauthorized :: Certificate is expired


Follow the "Resetting the certificates" section :wink:

3 Likes

Thank you. This worked.


4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.